[OWASP-ESAPI] SafeRequests within SafeRequests

Stewart Short stewart_short at hotmail.com
Tue May 26 08:09:30 EDT 2009


Our web applications are based on WebLogic 8.1 page flows which is a technology built on top of struts. I have recently been looking at integrating OWASP ESAPI (v1.4) and one problem I noticed is that when processing involves a chain of actions, i.e. resulting in *.do requests, you end up with SafeRequests within SafeRequests, with one level for each action in the chain. Therefore, should the doFilter method in SafeHTTPFilter only create a new SafeRequest if the request passed in is not an instance of SafeRequest?
 
Regards,
 
Stewart Short
_________________________________________________________________
Beyond Hotmail — see what else you can do with Windows Live.
http://clk.atdmt.com/UKM/go/134665375/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-esapi/attachments/20090526/4b3cdbf8/attachment.html 


More information about the OWASP-ESAPI mailing list